Don't insist on NEW state for odd protocols -- part 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@257 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/firewall

@@ -1145,10 +1145,10 @@ setup_tunnels() # $1 = name of tunnels file
     setup_one_ipsec() # $1 = gateway $2 = gateway zone
     {
 	options="-m state --state NEW -j ACCEPT"
-	addrule $inchain	  -p 50	 -s $1 $options
+	addrule $inchain	  -p 50	 -s $1
-	addrule $outchain	  -p 50	 -d $1 $options
+	addrule $outchain	  -p 50	 -d $1
-	run_iptables -A $inchain  -p 51	 -s $1 $options
+	run_iptables -A $inchain  -p 51	 -s $1
-	run_iptables -A $outchain -p 51	 -d $1 $options
+	run_iptables -A $outchain -p 51	 -d $1
 	run_iptables -A $inchain  -p udp -s $1 --sport 500 --dport 500 $options
 	run_iptables -A $outchain -p udp -d $1 --dport 500 --sport 500 $options
 
@@ -1166,9 +1166,8 @@ setup_tunnels() # $1 = name of tunnels file
 
     setup_one_other() # $1 = TYPE, $2 = gateway, $3 = protocol
     {
-	options="-m state --state NEW -j ACCEPT"
+	addrule $inchain  -p $3 -s $2
-	addrule $inchain  -p $3 -s $2 $options
+	addrule $outchain -p $3 -d $2
-	addrule $outchain -p $3 -d $2 $options
 
 	echo "   $1 tunnel to $gateway defined."
     }
@@ -1705,6 +1704,7 @@ add_a_rule()
 	    state="-m state --state RELATED"
 	    ;;
 	*)
+	    state=
 	    [ -n "$port" ] && [ "x${port}" != "x-" ] && \
 		fatal_error "Port number not allowed with protocol " \
 		"\"$proto\"; rule: \"$rule\""